icedid | a68aed5f4ef4bf512065a8f7505c14beb14b912b2a37e07831ee16f7076925e9

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 05:33

Target

JaffaCakes118_a68aed5f4ef4bf512065a8f7505c14beb14b912b2a37e07831ee16f7076925e9.dll
Size

490KB
MD5

28d1452cfeaf7b70e425e07d54be0181
SHA1

2eab36e8e89ed6ae98a75dbf8d738d56a44a2816
SHA256

a68aed5f4ef4bf512065a8f7505c14beb14b912b2a37e07831ee16f7076925e9
SHA512

e7371764c641fc94992cc48fb94d652c791b7d38a8d9a95580aa6fcad14206c3d74f0b11fb37e321c3cbb1001fdc59570c407c2a5f52663a2df4d0d1e055c0de
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRj:knmj6xK1y3Ik6TZGRj

Score

10^/10

Family

icedid

Campaign

3467965077

firenicatrible.com

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4888	regsvr32.exe
4888	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a68aed5f4ef4bf512065a8f7505c14beb14b912b2a37e07831ee16f7076925e9.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4888

memory/4888-0-0x0000000002DB0000-0x0000000002DBE000-memory.dmp

Filesize
56KB

Download
memory/4888-1-0x0000000002DB0000-0x0000000002DBE000-memory.dmp

Filesize
56KB

Download